June 17, 2005

Most Infected Zombie Nation per capita

dave

12:30 AM

Hong Kong is the country with the most PC zombies per capita in the world. This means that Hong Kong has the highest incidence of unpatched Windows PCs plugged directly into the internet with no firewall or other software. The owners of these PCs are unaware that their computer is being used to send spam and generate DDOS attacks.

I have to say that I'm not at all surprised by this. In general, awareness of PC Security and general IT good practice is appallingly low in Hong Kong. There's a tendency, especially in the Small to Medium Enterprises (SMEs), to go for the cheapest possible PC support for corporate networks and end up with one MCSE school-leaver trying to manage a network of workstations and servers. This guy will have no experience of serious Enterprise level security and will often unwittingly place workstations out on the public internet where they can be compromised almost instantly. (A Windows XP box can be compromised in a few minutes just by being directly connected to the internet.)

At least one company that I'm aware of has an IT administrator who is so ignorant of the very basics of his profession that he thinks 192.x.x.x is a private Class A netspace! Mind you, the MD of that company wanted me to sort out their network systems for free, while doing a full day's work of other consulting, so I guess that explains a lot.

I've been asked to look at computers which their owners think are being a bit too slow. "Normally", the lady explained to me, "I trade in my laptop for a new one every year, because there's a new model out, and my old computer is very slow after a year. This one is very slow after only a few months." So I look at it. It's rotten with spyware, viruses, bots, whatever. Directly after rebooting, there were about 150 processes running, each one trying to take 100% of the CPU and 100% of the RAM. The network connections (wired and wireless) are maxed out with attempts to send out crap. After booting in Safe Mode and running Adaware and an anti-virus program, things were much improved. And don't think that this PC was this bad because a woman was using it - her husband's laptop was just as bad, and he works in IT!

The simplest solution for this sort of thing is to put a hardware firewall between your PC and the internet. These boxes generally ship with external access switched off. i.e., no one from outside can make a connection to your machine. Unless you're running a mail or webserver, etc, this is fine for you.

If you have a modern laptop with Wireless networking, then a simple Linksys wireless box will allow you to connect to the internet from anywhere in your flat and also protect you from most attacks. If you have a wired PC, the wired equivalent will do the same job. There are other brands, of course, but they all do more or less the same things.

November 13, 2003

China Inflatables

dave

01:17 AM

My yahoo address got spam today from a company advertising "China Inflatables", or inflatable things (like chairs, beds, etc) made in China. I complained as usual but was very tempted to reply. Maybe the next time, I'll do something like...

Dear Sirs,

Thank you for your invitation to buy Inflatable Chinese. I have an urgent requirement for some twenty thousand inflatable punch-bags with weighted bases for my self-defense classes. These punch-bags should be life size and weighted at the base so that they bounce back when knocked over. They should be of durable material, as they will be subject to a great many beatings as we train our soldiers, er, students.

The inflatable Chinese I require are Deng Xiao Ping, Jiang Xe Min, and Hu Jin Tao and any other members of the Chinese Government, both past and present. Mao Ze Dong would be a nice addition, although I understand that you personally hold him in high regard.

We would be grateful if you could supply the above specified merchandise before October 2004, as it would help with our invasion, er, self defense plans.

Yours sincerely,

G. W. Bush

Mind you, this is such an obvious fake - there's no way that Dubya could put that many English sentences together.

September 23, 2003

Yet Another Microsoft Vulnerability!

dave

01:10 PM

There are more Microsoft vulnerabilities revealed last night/this morning. Computer Security Experts say you should go here to download the patch.

I say you should probably go here, or maybe here instead.

The use of Microsoft products must cost business billions of dollars every time some problem like this comes along. There must come a point at which the cost of using Microsoft Products:

  • The restrictive and expensive licensing,
  • The costs of securing networks against successive security holes and vulnerabilities
  • The costs of forced upgrades due to aggressive end-of-lifing of Operating Systems
  • The costs of forced hardware upgrades because each version of Windows requires about twice the horsepower of the one before it.
  • The costs of having to run server level applications on vastly overspecified hardware because of inefficient and bloated programming (Think of the clusters of machines required for a reliable Exchange installation versus what would be required for a Unix mail solution. There's a good reason why Hotmail still doesn't run on Windows.)

must be greater than any potential productivity gains by using Windows.

The situation now is ridiculous: there is an acceptance that all computers are vulnerable to these attacks and that massive downtime is just a cost of doing business. This is just not so. It's a result of years of wilful spreading of cluelessness on the part of Microsoft, of years of dumbing down the skills believed to be required to run a server room. It's a direct result of saying "See? With Windows, running a room full of servers is just as complicated as playing Minesweeper!". This is precisely the attitude which has resulted in the profession of System Administrator being relegated to a career for school leavers who, lacking any experience of anything but Windows, perpetrate all the same mistakes.

September 17, 2003

Hijacking

dave

12:50 AM

Yesterday, Verisign hijacked the Internet's Domain Name System. Any mistyped .com or .net address will now resolve to sitefinder.verisign.com. While this sounds like it might be innocent, it has one important ramification:

Spam - One of the best ways to guard a mail server against spam is to reject email from non-existent domains. This change will ensure that all domains exist and so rejecting non-existent domains will not work. There are workarounds for this. Blocking Verisign.com is my chosen route.
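One possible workaround for the wildcard, sketched here as an added example (it is not the author's setup, which blocks Verisign.com): probe the TLD with random labels and treat any sender domain that resolves only to those wildcard answers as non-existent. The function names, the A-record-only check and the constructed stand-in resolver are assumptions of this sketch.

```python
import secrets
import socket

def system_resolver(name):
    """Set of IPv4 addresses for `name`; empty if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:  # socket.gaierror and socket.herror are OSError subclasses
        return set()

def wildcard_addresses(tld, resolve, probes=3):
    """Answers given for random labels that are almost certainly unregistered."""
    seen = set()
    for _ in range(probes):
        seen |= resolve(f"nx-{secrets.token_hex(16)}.{tld}")
    return seen

def sender_domain_exists(domain, resolve=system_resolver):
    """True only if `domain` resolves to something other than its TLD's wildcard answer."""
    domain = domain.rstrip(".").lower()
    addrs = resolve(domain)
    if not addrs:
        return False  # NXDOMAIN: the classic reject case
    tld = domain.rsplit(".", 1)[-1]
    # A domain whose every address is the wildcard answer is treated as absent.
    return not addrs <= wildcard_addresses(tld, resolve)

# Constructed stand-in for DNS (documentation addresses): every unknown .com
# name gets the same wildcard answer, as described in the post above.
ZONE = {"real-shop.com": {"192.0.2.10"}}
WILDCARD = {"192.0.2.99"}

def fake_resolver(name):
    if name in ZONE:
        return set(ZONE[name])
    return set(WILDCARD) if name.endswith(".com") else set()
```

A mail server would apply the same test to MX lookups as well; a legitimate domain parked on the wildcard address itself would be rejected by this check.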

September 16, 2003

Deception

dave

12:32 AM

I stumbled (via Breanagh's Blog) on a disturbing thing tonight. Apparently, if you mistype blogspot.com as blogpsot.com (note the transposition of s and p there), you get redirected to a bible site: http://www.bibledesk.com/. Now, I have nothing against Bible sites, and often frequently check out many religious sites myself to see if what people claim is holy writ really is. For example, just after September 11 2001, many people quoted Al Qu'ran as saying that martyrs received 72 virgins in the afterlife. You can check out that claim here if you want. Nothing shuts up a fundie like appearing to know his own holy books better than he does.

However, redirecting people who make a simple typing mistake to your own site is the sort of thing Porn Spammers do. Witness the Official White House Website: http://www.whitehouse.gov/ and a porn site (with skanky interns) http://www.whitehouse.com (which I am not going to link to). It's not good company for a supposedly Christian site to keep, now is it?

I'm going to email Earl Ball, domainhost@worldnet.att.net about this and ask. That's a very suspicious email address. He also lives at PO Box 10142, St. Petersburg Florida 33733. Actually, there are a lot of spammers in Florida, so I'm not going to email him. That address looks fake as all heck to me anyway. I'll just leave this permanent record about his duplicity here...

September 08, 2003

Spam

dave

02:32 AM

I've been getting assaulted by spammers again. This time it's Paul Cabay, of utyx.com, who is apparently scanning my website for keywords and then sending email to various addresses asking me to link to him. I thought about telling him what he was doing wrong, but realised that that would merely confirm that the addresses he sent to were live.

This brings me back to the cardinal rule for spam: Never reply to a spammer. It just gives him an email address (yours) to sell. The only way spammers make money is:

  • When idiots try and buy the Penis/Breast Enlargers, Florida Mortgages, or Brooklyn Bridges they're selling. Or maybe the Viagra, West African Ill Gotten Gains, or other nonsense.
  • When people reply to a spam saying "Stop sending me spam!" or click on the unsubscribe address.

All either of those things do is confirm that the email address sent to is valid, and that the recipient reads spam! Never reply or respond. If possible, don't even open the spams, as they can have links which confirm that your email address read their spam. Then you'll just get more and more and more, etc.

It used to be that I'd encourage people to complain about spam. Now, that's a bad idea. The ISP (Internet Service Providers) who don't get rid of spammers straight away now are those who'll take anyone's money, whether it be:

  • Penis Enlargement Spammers
  • West African Fraud
  • Cheap USA mortgages
  • Paedophilia
  • Bestiality

Or any of the other rubbish which fills your mailbox.

What you should do now is delete all the crap which comes in, and only complain about it if you really know how to read headers. If you use Outlook, you can't see all the headers anyway, so you can't complain effectively. You should make rules which put all email from people you know into a 'safe' folder, and all other email into a 'possible junk mail' folder, which should be read with extreme prejudice.

August 23, 2003

More Anti-spammer stuff

dave

07:27 PM

I've spent most of the last day trying to block off access to my website from the spamming scum who were trying to use it to advertise their porn sites. What I've done is as follows:

All of the password protected directories mention that the user's computer may be being used against their will and they should check their computer for SpyWare using a product like AdAware.

I hate Vermin.

August 22, 2003

under Attack II

dave

12:57 AM

OK, I seem to have sorted out the previous problem by doing a few things:

  • Turning off the webserver for a few hours
  • Firing off complaints to the administrator of the IP space the scum was in

The perpetrator was in cyberwurx.com space, who rent their addresses from level3.net. Level3.net are extremely blackhat and spam supportive. I guess it was the fact that my webserver was down for a few hours which stopped the morons attacking me.

Moral of the story: spammers are thieving scum. They lie, they cheat and they steal.

I am now going to drink some beer and play Tomb Raider: Angel of Darkness for a while.

August 21, 2003

Under Attack!

dave

11:01 PM

Right now, my webserver is under a massive referral attack from the owner of www.top-penis-enlargement.com. He's slamming my server with hundreds of requests per second, all from what seem to be open proxies. Until I can sort out a means of identifying which list of open proxies he's using, I'm stopping the webserver.

July 03, 2003

Yet more abuse

dave

11:50 AM

I've just noticed over 200,000 (That's Two Hundred THOUSAND!) requests in my httpd logs from one particular address hosted by ev1.net. These requests are trying to push ostest.ru into top place in my referral logs, and presumably, benefit from being linked to. These requests have sucked down over 3GB (THREE GIGABYTES!) of my bandwidth in the last few days so, as you can imagine, complaints have been sent. I haven't bothered complaining to the Russians: from past experience, it's a waste of time. I have complained to EV1.net, and this may or may not get a response.

I've also blocked both that IP and the OSTEST.RU domain from this site and I'm currently writing a perl script to implement some sort of quota on the webserver use.

Update: OK, anyone who makes more than two thousand requests in any one log period gets banned by IP address. This is checked hourly, so this sort of abuse will get you blocked forever. I absolutely *hate* getting taken advantage of. Also, I got nothing more than a boilerplate response from ev1.net, so I'm assuming that they don't care. EV1.net - spammers!
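The quota check described in this post, as an added Python example (it is not the author's Perl script, which is not shown on the page): it counts requests per client IP over one log period and reports every address above the limit, along with bytes served and the Referer host it was pushing. The Apache combined log format, the function names and the sample lines are assumptions of this sketch.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Apache combined format; quoted fields are client-controlled and may hold \" escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) (\d+|-)'
                  r'(?: ' + QUOTED + ' ' + QUOTED + r')?\s*$')

def referer_host(value):
    """Hostname of a Referer URL, or '' when absent or malformed."""
    try:
        return urlsplit(value or "").hostname or ""
    except ValueError:
        return ""

def tally(lines):
    """Per-IP request count, bytes sent and Referer hosts, plus the unparsed-line count."""
    stats = defaultdict(lambda: {"hits": 0, "bytes": 0, "referers": Counter()})
    unparsed = 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            unparsed += 1  # malformed lines are counted, never guessed at
            continue
        ip, _req, _status, size, referer, _agent = m.groups()
        entry = stats[ip]
        entry["hits"] += 1
        entry["bytes"] += 0 if size == "-" else int(size)
        host = referer_host(referer)
        if host:
            entry["referers"][host] += 1
    return stats, unparsed

def over_quota(lines, limit=2000, allow=frozenset()):
    """[(ip, hits, bytes, top referer host)] for IPs above `limit`, worst first."""
    rows = []
    for ip, s in tally(lines)[0].items():
        if s["hits"] > limit and ip not in allow:
            top = s["referers"].most_common(1)
            rows.append((ip, s["hits"], s["bytes"], top[0][0] if top else None))
    return sorted(rows, key=lambda r: -r[1])

# Constructed sample log (documentation addresses, made-up referrer), not the site's data.
SAMPLE = (
    [r'203.0.113.7 - - [03/Jul/2003:10:00:00 +0800] "GET / HTTP/1.0" 200 5120 "http://spam.example/x" "bot"'] * 5
    + [r'198.51.100.20 - - [03/Jul/2003:10:00:01 +0800] "GET /a\"b HTTP/1.0" 404 - "-" "Mozilla/4.0"'] * 2
    + ["truncated line with no fields"]
)
```

Run hourly over the current log, `over_quota(open(path), limit=2000, allow={...})` yields the addresses to ban; the `allow` set keeps monitoring hosts and the site owner's own address out of the block list.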

June 10, 2003

www.genericas.com

dave

02:19 PM

I don't know who the hell www.genericas.com is, but they're probing my web server. I've blocked them permanently, and may null route them. Checking that someone else's web server is up every two minutes is abusive behaviour.

May 05, 2003

Image Theft

dave

10:35 AM

The latest in a long line of websites who think they can use my images without bothering to ask me is http://coldfusion.today.com.sg/index.htm. As you can see, if you visit the link, they're blocked from using my images.

April 19, 2003

More bandwidth theft

dave

02:11 PM

Once again I find people stealing my bandwidth by linking to my images. If this is done with my permission, I'll be ok with it, but it's almost always done without asking. I'm not going to put up with it anymore. All external links to images are blocked.

February 17, 2003

Copyright

dave

12:00 AM

I found a few places deep-linking to some of my pictures this morning: www.undergroundhiphop.com and www.network54.com. In both cases, there was no attempt to credit me as the photographer and one of the images was of Roxanne, my daughter. I will absolutely not tolerate my bandwidth and my images being used in this way.

UndergroundHipHop.com responded to my complaints and removed the link, which was posted by a user named Mathematics. Network54.com have done nothing. The user there known as Alex is no better than a thief. He's incompetent too: he used the image on the left and claimed that it was a picture of a building by Frank Lloyd Wright. What a maroon!

September 30, 2002

More abuse

dave

12:00 AM

OK, as of right now, I've taken down the page which let you see the usage this site was getting. It was being abused by some filthy German porn spammers. They were submitting their own pages as referrers to my page which made their pages show up on my pages. With the way Google works, their pages would then come up higher than normal in a Google search (as they're referred by more outside pages). Spammers - another word for scum.

September 10, 2002

FormMail.pl

dave

12:00 AM

I'm getting probed for the above weakness by segfault.monkeys.com. Not sure whether it's just a test or someone looking for an open proxy. (update 11/09/2002: it was just a test by the formmail.pl list people.)

Spammers suck. They steal time, bandwidth, money. Spam is a waste of my time and resources. There are times I'm glad I subscribe to SPEWS as well as many other blocklists. If you tried to send me email and it bounced, it was probably due to your ISP being a haven for spammers and other scum.

Also, my website is being scanned by some very dubious looking addresses: interbusiness.it and tiscali.com. I haven't heard much good about them.

June 21, 2002

Spam filtering

dave

12:00 AM

I've been working on a spam filtering system for work which uses sendmail and procmail. I got fed up with clunky commercial systems which cost a fortune and don't allow any sophisticated pattern matching. After spending ages scouring the procmail list and the sendmail faqs, I've come up with a system to do what I want. I'm going to write it up and put it on the site sometime. It'll be at sendmail.html.

March 24, 2000

Spamming Incident (a joe job)

dave

12:00 AM

Moved to the I was Framed! page.